Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

rubygems Security Advisories

Loading...
High
GSA_kwCzR0hTQS1nN3hxLXh2OGMtaDk4Y84AA7Da
Cross-site Scripting (XSS) possible due to improper sanitisation of `href` attributes on `<a>` tags
Ecosystems: rubygems
Packages: phlex
Source: GitHub Advisory Database
Blast Radius: 8.7
Published: 3 days ago
Moderate
GSA_kwCzR0hTQS12Zm12LWpmYzUtcGpqd84AA6Re
CarrierWave content-Type allowlist bypass vulnerability which possibly leads to XSS remained
Ecosystems: rubygems
Packages: carrierwave
Source: GitHub Advisory Database
Blast Radius: 32.8
Published: 25 days ago
High
GSA_kwCzR0hTQS01OTJqLTk5NWgtcDIzas4AA6RV
RDoc RCE vulnerability with .rdoc_options
Ecosystems: rubygems
Packages: rdoc
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 25 days ago
High
GSA_kwCzR0hTQS12NWg2LWMyaHYtaHYzcs4AA6RU
StringIO buffer overread vulnerability
Ecosystems: rubygems
Packages: stringio
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 25 days ago
Moderate
GSA_kwCzR0hTQS12Y2MzLXJ3NmYtanY5N84AA6Gq
Use-after-free in libxml2 via Nokogiri::XML::Reader
Ecosystems: rubygems
Packages: nokogiri
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS14Mmg4LXFtajQtZzYyZs4AA6Fh
ROTP 6.2.2 and 6.2.1 has 0666 permissions for the .rb files.
Ecosystems: rubygems
Packages: rotp
Source: GitHub Advisory Database
Blast Radius: 18.5
Published: about 1 month ago
High
GSA_kwCzR0hTQS1tcDc2LTd3NXYtcHI3Nc4AA6CN
TurboBoost Commands vulnerable to arbitrary method invocation
Ecosystems: npm, rubygems
Packages: @turbo-boost/commands, turbo_boost-commands
Source: GitHub Advisory Database
Blast Radius: 2.0
Published: about 1 month ago
Critical
GSA_kwCzR0hTQS04ODMyLTRtbTUteDJyNs4AA6Aa
discordrb OS Command Injection vulnerability
Ecosystems: rubygems
Packages: discordrb
Source: GitHub Advisory Database
Blast Radius: 24.7
Published: about 1 month ago
High
GSA_kwCzR0hTQS1mNzhqLTR3M2ctNHE2Nc4AA56t
StimulusReflex arbitrary method call
Ecosystems: npm, rubygems
Packages: stimulus_reflex
Source: GitHub Advisory Database
Blast Radius: 43.9
Published: about 1 month ago
High
GSA_kwCzR0hTQS0yNDJwLTR2MzktMnY4Z84AA56s
Cross-site Scripting (XSS) possible with maliciously formed HTML attribute names and values in Phlex
Ecosystems: rubygems
Packages: phlex
Source: GitHub Advisory Database
Blast Radius: 8.7
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS1jOHY2LTc4Nmctdmp4Ns4AA5mu
json-jwt allows bypass of identity checks via a sign/encryption confusion attack
Ecosystems: rubygems
Packages: json-jwt
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago
Low
GSA_kwCzR0hTQS0yMmYyLXY1N2MtajljeM4AA5mE
Rack vulnerable to ReDoS in content type parsing (2nd degree polynomial)
Ecosystems: rubygems
Packages: rack
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago
Low
GSA_kwCzR0hTQS14ajV2LTZ2NGctamZ3Ns4AA5mD
Rack has possible DoS Vulnerability with Range Header
Ecosystems: rubygems
Packages: rack
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago
Low
GSA_kwCzR0hTQS01NHJyLTdmdnctNng4Zs4AA5mC
Rack Header Parsing leads to Possible Denial of Service Vulnerability
Ecosystems: rubygems
Packages: rack
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS04bXE0LTlqamgtOXhyY84AA5l2
YARD's default template vulnerable to Cross-site Scripting in generated frames.html
Ecosystems: rubygems
Packages: yard
Source: GitHub Advisory Database
Blast Radius: 25.6
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS04aDIyLThjZjctaHE2Z84AA5jP
Rails has possible Sensitive Session Information Leak in Active Storage
Ecosystems: rubygems
Packages: activestorage
Source: GitHub Advisory Database
Blast Radius: 28.9
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS05ODIyLTZtOTMteHFmNM4AA5jO
Rails has possible XSS Vulnerability in Action Controller
Ecosystems: rubygems
Packages: rails, actionpack
Source: GitHub Advisory Database
Blast Radius: 36.3
Published: about 2 months ago
Low
GSA_kwCzR0hTQS1qamh4LWpodnAtNzR3cc4AA5jN
Rails has possible ReDoS vulnerability in Accept header parsing in Action Dispatch
Ecosystems: rubygems
Packages: actionpack
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS03ODVnLTI4MnEtcHd2eM4AA5gh
Rack CORS Middleware has Insecure File Permissions
Ecosystems: rubygems
Packages: rack-cors
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS05dzk5LTc4cmotaG14cc4AA5Zn
Cross-site scripting (XSS) in the dynamic file uploads
Ecosystems: rubygems
Packages: decidim-core, decidim
Source: GitHub Advisory Database
Blast Radius: 15.7
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS13M3E4LW00OTItNHB3cM4AA5Zd
Possibility to circumvent the invitation token expiry period
Ecosystems: rubygems
Packages: decidim-system, decidim-admin, decidim, devise_invitable
Source: GitHub Advisory Database
Blast Radius: 19.6
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS1mM3FtLXZmYzMtamc2ds4AA5ZJ
Possible CSRF attack at questionnaire templates preview
Ecosystems: rubygems
Packages: decidim-templates
Source: GitHub Advisory Database
Blast Radius: 10.2
Published: about 2 months ago
Low
GSA_kwCzR0hTQS1yMjc1LWo1N2MtN21mMs4AA5ZI
Race condition in Endorsements
Ecosystems: rubygems
Packages: decidim
Source: GitHub Advisory Database
Blast Radius: 7.7
Published: about 2 months ago
High
GSA_kwCzR0hTQS1jbWg5LXJ4ODUteGozOM4AA5P5
XSS sidekiq-unique-jobs UI server vulnerability
Ecosystems: rubygems
Packages: sidekiq-unique-jobs
Source: GitHub Advisory Database
Blast Radius: 20.9
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS14Yzl4LWpqNzctOXA5as4AA5Ek
Nokogiri update packaged libxml2 to v2.12.5 to resolve CVE-2024-25062
Ecosystems: rubygems
Packages: nokogiri
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS1nOHZwLTJ2NXAtOXFmaM4AA4ir
Cross-site scripting (XSS) in Action messages on Avo
Ecosystems: rubygems
Packages: avo
Source: GitHub Advisory Database
Blast Radius: 9.5
Published: 3 months ago
High
GSA_kwCzR0hTQS1naGp2LW1oNngtN3E2aM4AA4eR
avo vulnerable to stored cross-site scripting (XSS) in key_value field
Ecosystems: rubygems
Packages: avo
Source: GitHub Advisory Database
Blast Radius: 10.7
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS1jMmY0LWN2cW0tNjV3Ms4AA4Qh
Puma HTTP Request/Response Smuggling vulnerability
Ecosystems: rubygems
Packages: puma
Source: GitHub Advisory Database
Blast Radius: 33.1
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS13ZjJ4LTh3NmotcXczN84AA4My
view_component Cross-site Scripting vulnerability
Ecosystems: rubygems
Packages: view_component
Source: GitHub Advisory Database
Blast Radius: 19.5
Published: 4 months ago
High
GSA_kwCzR0hTQS01ZzY2LTYyOGYtN2N2as4AA4Lx
Omniauth::MicrosoftGraph Account takeover (nOAuth)
Ecosystems: rubygems
Packages: omniauth-microsoft_graph
Source: GitHub Advisory Database
Blast Radius: 9.0
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS14aHZ2LTNqd3ctYzQ4N84AA4D6
ActiveAdmin CSV Injection leading to sensitive information disclosure
Ecosystems: rubygems
Packages: activeadmin
Source: GitHub Advisory Database
Blast Radius: 21.9
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS1yOHh4LTh2bTgteDZ3as4AA34N
Resque vulnerable to Reflected Cross Site Scripting through pathnames
Ecosystems: rubygems
Packages: resque
Source: GitHub Advisory Database
Blast Radius: 24.6
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS1nYzNqLXZ2d2YtNHJwOM4AA34M
Resque vulnerable to reflected XSS in resque-web failed and queues lists
Ecosystems: rubygems
Packages: resque
Source: GitHub Advisory Database
Blast Radius: 24.6
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS1yOW1xLW03MngtMjU3Z84AA34L
Resque vulnerable to reflected XSS in Queue Endpoint
Ecosystems: rubygems
Packages: resque
Source: GitHub Advisory Database
Blast Radius: 24.6
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS05aG1xLWZtMzMteDR4eM4AA34I
Resque Scheduler Reflected XSS In Delayed Jobs View
Ecosystems: rubygems
Packages: resque-scheduler
Source: GitHub Advisory Database
Blast Radius: 21.7
Published: 4 months ago
High
GSA_kwCzR0hTQS0zNTZqLWhnNDUteDUyNc4AA323
Potential CSV export data leak
Ecosystems: rubygems
Packages: activeadmin
Source: GitHub Advisory Database
Blast Radius: 35.8
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS01ODQ0LXEzZmMtNTZyaM4AA3lZ
pubnub Insufficient Entropy vulnerability
Ecosystems: swift, pypi, pub, packagist, cargo, rubygems, nuget, go, maven, npm
Packages: github.com/pubnub/swift, pubnub, pubnub/pubnub, Pubnub, github.com/pubnub/go/v5, github.com/pubnub/go/v6, github.com/pubnub/go, github.com/pubnub/go/v7, com.pubnub:pubnub, com.pubnub:pubnub-kotlin
Source: GitHub Advisory Database
Blast Radius: 82.5
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS1neGh4LWc0ZnEtNDloas4AA3a3
CarrierWave Content-Type allowlist bypass vulnerability, possibly leading to XSS
Ecosystems: rubygems
Packages: carrierwave
Source: GitHub Advisory Database
Blast Radius: 32.8
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS1mcmdmLThqcjUtajJqds4AA2zW
memory leak flaw was found in ruby-magick
Ecosystems: rubygems
Packages: rmagick
Source: GitHub Advisory Database
Blast Radius: 22.5
Published: 6 months ago
High
GSA_kwCzR0hTQS0zcHg3LWptMnAtNmgyY84AA2oN
encoded_id-rails potential DOS vulnerability due to URIs with extremely long encoded IDs
Ecosystems: rubygems
Packages: encoded_id-rails
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS02aHZnLTYycTgtOTV2N84AA2mT
svg_optimizer rubygem external XML entity (XXE) vulnerability
Ecosystems: rubygems
Packages: svg_optimizer
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago
Critical
GSA_kwCzR0hTQS0yODltLTI5NjQtZjhxNc4AA2Rv
Puppet Bolt privilege escalation vulnerability
Ecosystems: rubygems
Packages: bolt
Source: GitHub Advisory Database
Blast Radius: 27.3
Published: 7 months ago
Critical
GSA_kwCzR0hTQS03eHZjLXY0NGotNDZmaM4AA2RG
geokit-rails Command Injection vulnerability
Ecosystems: rubygems
Packages: geokit-rails
Source: GitHub Advisory Database
Blast Radius: 29.8
Published: 7 months ago
High
GSA_kwCzR0hTQS02MzloLTg2aHctcWNqcc4AA2Qo
Decidim has broken access control in templates
Ecosystems: rubygems
Packages: decidim, decidim-templates
Source: GitHub Advisory Database
Blast Radius: 17.7
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS0zcWMyLXYzaHAtNmN2OM4AA13Y
sidekiq Denial of Service vulnerability
Ecosystems: rubygems
Packages: sidekiq
Source: GitHub Advisory Database
Blast Radius: 25.1
Published: 7 months ago
High
GSA_kwCzR0hTQS1wMjVtLWpwajQtcWNycs4AA127
Denial of Service Vulnerability in gRPC TCP Server (Posix-compatible platforms)
Ecosystems: pypi, rubygems
Packages: grpcio, grpc
Source: GitHub Advisory Database
Blast Radius: 61.2
Published: 7 months ago
Low
GSA_kwCzR0hTQS1jcjVxLTZxOWYtcnE2cc4AA1eP
Active Support Possibly Discloses Locally Encrypted Files
Ecosystems: rubygems
Packages: activesupport
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 8 months ago
Critical
GSA_kwCzR0hTQS02OHhnLWdxcW0tdmdqOM4AA1Yw
Puma HTTP Request/Response Smuggling vulnerability
Ecosystems: rubygems
Packages: puma
Source: GitHub Advisory Database
Blast Radius: 54.9
Published: 8 months ago
Moderate
GSA_kwCzR0hTQS03dmg3LWZ3ODgtd2o4N84AA1Il
Several quadratic complexity bugs may lead to denial of service in Commonmarker
Ecosystems: rubygems
Packages: commonmarker
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 9 months ago
Moderate
GSA_kwCzR0hTQS02andjLXFyMnEtN3h3as4AA1CM
protocol-http1 HTTP Request/Response Smuggling vulnerability
Ecosystems: rubygems
Packages: protocol-http1
Source: GitHub Advisory Database
Blast Radius: 16.6
Published: 9 months ago
High
GSA_kwCzR0hTQS12Yzc5LTY1cHItcTgyds4AA0uC
rswag vulnerable to arbitrary JSON and YAML file read via directory traversal
Ecosystems: rubygems
Packages: rswag
Source: GitHub Advisory Database
Blast Radius: 20.9
Published: 9 months ago
Moderate
GSA_kwCzR0hTQS00NjloLW1xZzgtNTM1cs4AA0m3
Decidim Cross-site Scripting vulnerability in the external link redirections
Ecosystems: rubygems
Packages: decidim-core, decidim
Source: GitHub Advisory Database
Blast Radius: 15.2
Published: 9 months ago
High
GSA_kwCzR0hTQS01NjUyLTkycjktM2Z4Oc4AA0m4
Decidim Cross-site Scripting vulnerability in the processes filter
Ecosystems: rubygems
Packages: decidim-core, decidim
Source: GitHub Advisory Database
Blast Radius: 20.2
Published: 9 months ago
High
GSA_kwCzR0hTQS1qbTc5LTlwbTQtdnJ3Oc4AA0m2
Decidim vulnerable to sensitive data disclosure
Ecosystems: rubygems
Packages: decidim-meetings, decidim
Source: GitHub Advisory Database
Blast Radius: 18.7
Published: 9 months ago
Moderate
GSA_kwCzR0hTQS05aHhmLXBwanYtdzZycc4AA0dy
gRPC connection termination issue
Ecosystems: rubygems, pypi, maven
Packages: grpc, grpcio, io.grpc:grpc-protobuf
Source: GitHub Advisory Database
Blast Radius: 63.4
Published: 10 months ago
High
GSA_kwCzR0hTQS02NjI4LXE2ajktdzh2Z84AA0dX
gRPC Reachable Assertion issue
Ecosystems: rubygems, pypi, maven
Packages: grpc, grpcio, io.grpc:grpc-protobuf
Source: GitHub Advisory Database
Blast Radius: 89.7
Published: 10 months ago
High
GSA_kwCzR0hTQS1mNXd3LWNxM20tcTNnN84AA0Xi
Sanitize vulnerable to Cross-site Scripting via insufficient neutralization of `style` element content
Ecosystems: rubygems
Packages: sanitize
Source: GitHub Advisory Database
Blast Radius: 28.6
Published: 10 months ago
High
GSA_kwCzR0hTQS1jZmdwLTI5NzctMmZtbc4AA0N9
Connection confusion in gRPC
Ecosystems: rubygems, pypi, maven
Packages: grpc, grpcio, io.grpc:grpc-protobuf
Source: GitHub Advisory Database
Blast Radius: 88.5
Published: 10 months ago
Moderate
GSA_kwCzR0hTQS1od3cyLTVnODUtNDI5bc4AA0Ip
URI gem has ReDoS vulnerability
Ecosystems: rubygems
Packages: uri
Source: GitHub Advisory Database
Blast Radius: 16.3
Published: 10 months ago
Moderate
GSA_kwCzR0hTQS00Zzh2LXZnNDMtd3BnZs4AA0Io
Actionpack has possible cross-site scripting vulnerability via User Supplied Values to redirect_to
Ecosystems: rubygems
Packages: actionpack
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 10 months ago
Low
GSA_kwCzR0hTQS05N3doLTZobWotZzhqOc4AA0GL
Spina Cross-site Scripting vulnerability
Ecosystems: rubygems
Packages: spina
Source: GitHub Advisory Database
Blast Radius: 6.3
Published: 10 months ago
Moderate
GSA_kwCzR0hTQS0yNTdxLXB2ODktdjN4ds4AA0D1
jQuery Cross Site Scripting vulnerability
Ecosystems: maven, npm, rubygems, nuget
Packages: org.webjars.npm:jquery, jquery, jquery-rails, jQuery
Source: GitHub Advisory Database
Blast Radius: 104.9
Published: 10 months ago
Moderate
GSA_kwCzR0hTQS03dzJjLXc0N2gtNzg5d84AAzyW
Doorkeeper Improper Authentication vulnerability
Ecosystems: rubygems
Packages: doorkeeper
Source: GitHub Advisory Database
Blast Radius: 15.7
Published: 10 months ago
Moderate
GSA_kwCzR0hTQS14cDVoLWY4amYtcmM4cc4AAzxa
rails-ujs vulnerable to DOM Based Cross-site Scripting contenteditable HTML Elements
Ecosystems: rubygems
Packages: actionview
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 10 months ago
Moderate
GSA_kwCzR0hTQS1oMndtLXAydmctNnB3NM4AAzxZ
Kredis JSON Possible Deserialization of Untrusted Data Vulnerability
Ecosystems: rubygems
Packages: kredis
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 10 months ago
High
GSA_kwCzR0hTQS1xY20zLXZmcTUtd2ZyMs4AAzr_
RedCloth Regular Expression Denial of Service issue
Ecosystems: rubygems
Packages: RedCloth
Source: GitHub Advisory Database
Blast Radius: 32.8
Published: 11 months ago
High
GSA_kwCzR0hTQS04NmgyLTJnNGctMjlxeM4AAzr6
avo possible unsafe reflection / partial DoS vulnerability
Ecosystems: rubygems
Packages: avo
Source: GitHub Advisory Database
Blast Radius: 12.1
Published: 11 months ago
High
GSA_kwCzR0hTQS01Y3I5LTVqeDMtMmczOc4AAzrM
avo vulnerable to Stored XSS (Cross Site Scripting) in html content based fields
Ecosystems: rubygems
Packages: avo
Source: GitHub Advisory Database
Blast Radius: 10.7
Published: 11 months ago
Critical
GSA_kwCzR0hTQS1yMzY0LTJwajQtcGY3Zs4AAzf1
ruby-saml vulnerable to XPath injection
Ecosystems: rubygems
Packages: ruby-saml
Source: GitHub Advisory Database
Blast Radius: 32.9
Published: 11 months ago
Critical
GSA_kwCzR0hTQS14NDg3LTg2Nm0tcDhocs4AAze4
Server-Side Template Injection in Camaleon CMS
Ecosystems: rubygems
Packages: camaleon_cms
Source: GitHub Advisory Database
Blast Radius: 12.5
Published: 11 months ago
Low
GSA_kwCzR0hTQS1oanAzLTVnMnEtN2p3d84AAzCk
Race Condition leading to logging errors
Ecosystems: rubygems
Packages: audited
Source: GitHub Advisory Database
Blast Radius: 8.6
Published: 12 months ago
Critical
GSA_kwCzR0hTQS02dzRtLTJ4aGctMjY1OM4AAy-v
Buffer overflow in sponge queue functions
Ecosystems: rubygems, pypi
Packages: sha3, pysha3
Source: GitHub Advisory Database
Blast Radius: 48.7
Published: 12 months ago
Low
GSA_kwCzR0hTQS02NWcyLXg1M3EtY21mNs4AAy9A
Sensitive Terraform Output Values Printed At Info Logging Level In Kitchen-Terraform
Ecosystems: rubygems
Packages: kitchen-terraform
Source: GitHub Advisory Database
Blast Radius: 7.7
Published: 12 months ago
High
GSA_kwCzR0hTQS1oM3I4LWg1cXctNHIzNc4AAy6H
sidekiq vulnerable to cross-site scripting
Ecosystems: rubygems
Packages: sidekiq
Source: GitHub Advisory Database
Blast Radius: 36.6
Published: 12 months ago
High
GSA_kwCzR0hTQS1jcWYzLXZweDctcnhod84AAy5d
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) in Pay
Ecosystems: rubygems
Packages: pay
Source: GitHub Advisory Database
Blast Radius: 14.5
Published: 12 months ago
Moderate
GSA_kwCzR0hTQS00OHdwLXA5cXYtNGo2NM4AAytp
Commonmarker vulnerable to to several quadratic complexity bugs that may lead to denial of service
Ecosystems: rubygems
Packages: commonmarker
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1weHZnLTJxajUtMzdqcc4AAytn
Nokogiri updates packaged libxml2 to v2.10.4 to resolve multiple CVEs
Ecosystems: rubygems
Packages: nokogiri
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
Low
GSA_kwCzR0hTQS14Mnh3LWh3OGctNjc3M84AAyrS
govuk_tech_docs vulnerable to unescaped HTML on search results page
Ecosystems: rubygems
Packages: govuk_tech_docs
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
High
GSA_kwCzR0hTQS13cnhmLXg4cm0tNmdnZ84AAyiM
Fluent Fluentd and Fluent-ui use default password
Ecosystems: rubygems
Packages: fluentd-ui, fluentd
Source: GitHub Advisory Database
Blast Radius: 30.7
Published: about 1 year ago
High
GSA_kwCzR0hTQS1mZzd4LWc4MnItOTRxY84AAyet
Ruby Time component ReDoS issue
Ecosystems: rubygems
Packages: time
Source: GitHub Advisory Database
Blast Radius: 20.7
Published: about 1 year ago
High
GSA_kwCzR0hTQS1odjVqLTNoOWYtOTljMs4AAyes
Ruby URI component ReDoS issue
Ecosystems: rubygems
Packages: uri
Source: GitHub Advisory Database
Blast Radius: 23.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1tODc1LTN4ZjYtbWY3OM4AAyeB
unpoly-rails Denial of Service vulnerability
Ecosystems: rubygems
Packages: unpoly-rails
Source: GitHub Advisory Database
Blast Radius: 6.1
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS12cHF2LW1xdmMtcGN4Ms4AAyKB
Reflective Cross-site Scripting Vulnerability in twitter-bootstrap-rails
Ecosystems: rubygems
Packages: twitter-bootstrap-rails
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
Low
GSA_kwCzR0hTQS1jNnFnLWNqajgtNDdxcM4AAyIq
Possible Denial of Service Vulnerability in Rack's header parsing
Ecosystems: rubygems
Packages: rack
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1wajczLXY1bXctcG05as4AAyIp
Possible XSS Security Vulnerability in SafeBuffer#bytesplice
Ecosystems: rubygems
Packages: activesupport
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
High
GSA_kwCzR0hTQS0zaDU3LWhtajMtZ2ozcM4AAyAE
Rack has possible DoS Vulnerability in Multipart MIME parsing
Ecosystems: rubygems
Packages: rack
Source: GitHub Advisory Database
Blast Radius: 45.1
Published: about 1 year ago
Critical
GSA_kwCzR0hTQS05ZmgzLWo5OW0tZjR2N84AAxys
Code injection in pdf_info
Ecosystems: rubygems
Packages: pdf_info
Source: GitHub Advisory Database
Blast Radius: 10.6
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1wNHh4LXc2ZnItYzR3Oc4AAxVr
Clockwork Web contains a Cross-Site Request Forgery Vulnerability with Rails < 5.2
Ecosystems: rubygems
Packages: clockwork_web
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1nN2dmLTJycXctNXJ3eM4AAxPk
Publify contains Weak Password Requirements
Ecosystems: rubygems
Packages: publify_core
Source: GitHub Advisory Database
Blast Radius: 5.9
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1mdzNnLTJoM2otcW1tN84AAxPa
Improper neutralization of `noscript` element content may allow XSS in Sanitize
Ecosystems: rubygems
Packages: sanitize
Source: GitHub Advisory Database
Blast Radius: 24.6
Published: about 1 year ago
Critical
GSA_kwCzR0hTQS02MzI1LTZnMzItN3AzNc4AAxNI
flash_tool Gem for Ruby File Download Handling Arbitrary Command Execution
Ecosystems: rubygems
Packages: flash_tool
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
High
GSA_kwCzR0hTQS03NDZnLTNnZnAtaGZod84AAxNH
Devise Gem for Ruby Unauthorized Access Using "Remember Me" Cookie
Ecosystems: rubygems
Packages: devise
Source: GitHub Advisory Database
Blast Radius: 40.2
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS04OHA4LTR2djUtODJqN84AAxNG
xaviershay-dm-rails Gem for Ruby exposes sensitive information via the process table
Ecosystems: rubygems
Packages: xaviershay-dm-rails
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS02MzZmLXhtNWotcGo5bc4AAxIx
Several quadratic complexity bugs may lead to denial of service in Commonmarker
Ecosystems: rubygems
Packages: commonmarker
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
High
GSA_kwCzR0hTQS1xOTVoLWNxcnYtOGp2Nc4AAxGB
ExifTool vulnerable to arbitrary code execution
Ecosystems: rubygems
Packages: exiftool_vendored
Source: GitHub Advisory Database
Blast Radius: 12.5
Published: about 1 year ago
High
GSA_kwCzR0hTQS14Z3Y3LXBxcWgtaDJ3Oc4AAxEu
jruby-openssl gem for JRuby fails to do proper certificate validation
Ecosystems: rubygems
Packages: jruby-openssl
Source: GitHub Advisory Database
Blast Radius: 30.3
Published: about 1 year ago
Low
GSA_kwCzR0hTQS05M3BtLTVwNWYtM2doeM4AAxD0
Denial of Service Vulnerability in Rack Content-Disposition parsing
Ecosystems: rubygems
Packages: rack
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
Low
GSA_kwCzR0hTQS1wODR2LTQ1eGotd3dxas4AAxDz
ReDoS based DoS vulnerability in Action Dispatch
Ecosystems: rubygems
Packages: actionpack
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
Low
GSA_kwCzR0hTQS1qNmdjLTc5Mm0tcWdtMs4AAxDy
ReDoS based DoS vulnerability in Active Support's underscore
Ecosystems: rubygems
Packages: activesupport
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS05NDQ1LTRjcjYtMzM2cs4AAxDx
Open Redirect Vulnerability in Action Pack
Ecosystems: rubygems
Packages: actionpack
Source: GitHub Advisory Database
Blast Radius: 36.2
Published: about 1 year ago
Statistics
Advisories: 17,467
Packages: 8,114
Repositories: 285
Ecosystems: 12
Filter by Severity
Moderate 7,469 High 6,098 Critical 2,660 Low 958
Filter by Ecosystem
maven 5,492 npm 3,495 pypi 3,463 packagist 3,212 go 1,828 nuget 1,388 rubygems 812 cargo 771 swift 31 hex 29 actions 16 pub 8
Filter by Package
actionpack 57 nokogiri 42 rubygems-update 25 puppet 23 rack 22 activerecord 21 publify_core 14 activesupport 14 passenger 13 actionview 12 puma 11 rails 11 jquery-rails 10 fat_free_crm 10 rails-html-sanitizer 9 org.webjars.npm:jquery 9 jquery 9 jQuery 8 decidim 7 jquery-ui 7 jquery-ui-rails 7 org.webjars.npm:jquery-ui 7 org.jruby:jruby-stdlib 7 jQuery.UI.Combined 7 camaleon_cms 6 katello 6 doorkeeper 6 ember-source 6 loofah 6 bundler 5 commonmarker 5 spree 5 spree_auth_devise 5 sinatra 4 sanitize 4 webrick 4 mail 4 activestorage 4 carrierwave 4 grpc 4 devise 4 sidekiq 4 grpcio 4 fluentd 4 avo 4 dragonfly 4 bootstrap 3 decidim-core 3 chartkick 3 bootstrap 3 openssl 3 cgi 3 rubyzip 3 gollum 3 omniauth 3 geminabox 3 resque 3 ruby-saml 3 json-jwt 3 rest-client 3 yard 3 private_address_check 3 rails_admin 3 rack-cors 3 io.grpc:grpc-protobuf 3 rdoc 3 git 3 pdfkit 2 omniauth-facebook 2 paperclip 2 net-ldap 2 echor 2 twitter-bootstrap-rails 2 mini_magick 2 sup 2 phlex 2 sprockets 2 bson 2 json 2 mapbox.js 2 field_test 2 user_agent_parser 2 solidus_core 2 view_component 2 faye 2 pghero 2 spina 2 cocoapods-downloader 2 kramdown 2 solidus_frontend 2 devise-two-factor 2 redcarpet 2 i18n 2 uri 2 httparty 2 VladTheEnterprising 2 ox 2 red-arrow 2 pyarrow 2 radiant 2 mechanize 2 activeadmin 2 google-protobuf 2 logstash-core 2 administrate 2 com.google.protobuf:protobuf-kotlin 2 com.google.protobuf:protobuf-java 2 yajl-ruby 2 pageflow 2 secure_headers 2 safemode 2 git-fastclone 2 facter 2 ruby-openid 2 decidim-templates 2 qiita-markdown 2 bootstrap-sass 2 mapbox-rails 2 twitter-stream 1 solidus_auth_devise 1 keynote 1 foreman_ansible 1 gitlab-grit 1 geokit-rails 1 blazer 1 solidus_backend 1 railties 1 multi_xml 1 rmagick 1 hiera 1 mcollective-client 1 wicked 1 actionmailer 1 hub 1 kelredd-pruview 1 sqlite3-ruby 1 github.com/github/hub 1 websocket-extensions 1 thin 1 rack-mini-profiler 1 ruby-jss 1 cap-strap 1 matestack-ui-core 1 sha3 1 restforce 1 pysha3 1 ruby_parser 1 better_errors 1 mongrel 1 unpoly-rails 1 bindata 1 oxidized-web 1 github.com/pubnub/swift 1 pubnub 1 pubnub 1 pubnub/pubnub 1 pubnub 1 pubnub 1 Pubnub 1 github.com/pubnub/go/v5 1 github.com/pubnub/go/v6 1 github.com/pubnub/go 1 github.com/pubnub/go/v7 1 com.pubnub:pubnub 1 rubocop 1 ruby-mysql 1 gtk2 1 rotp 1 @turbo-boost/commands 1 turbo_boost-commands 1 stringio 1 discordrb 1 diffy 1 recurly 1 md2pdf 1 sounder 1 date 1 octopoller 1 paratrooper-newrelic 1 jmespath 1 trilogy 1 sentry-raven 1 devise_invitable 1 ftpd 1 tweetstream 1 flash_tool 1 lean-ruport 1 openshift-origin-node 1 point-cli 1 govuk_tech_docs 1 audited 1 omniauth-apple 1 spree_api 1 omniauth-auth0 1 shrine 1 message_bus 1 inline_svg 1 pdf_info 1 rswag 1 resque-scheduler 1
Filter by Repository
https://github.com/rails/rails 53 https://github.com/sparklemotion/nokogiri 31 https://github.com/rubygems/rubygems 18 https://github.com/rack/rack 17 https://github.com/puppetlabs/puppet 15 https://github.com/publify/publify 13 https://github.com/puma/puma 11 https://github.com/jquery/jquery 10 https://github.com/phusion/passenger 10 https://github.com/fatfreecrm/fat_free_crm 9 https://github.com/rails/rails-html-sanitizer 9 https://github.com/decidim/decidim 8 https://github.com/doorkeeper-gem/doorkeeper 6 https://github.com/flavorjones/loofah 6 https://github.com/jquery/jquery-ui 6 https://github.com/solidusio/solidus_auth_devise 5 https://github.com/solidusio/solidus 5 https://github.com/sinatra/sinatra 4 https://github.com/rgrove/sanitize 4 https://github.com/owen2345/camaleon-cms 4 https://github.com/mikel/mail 4 https://github.com/markevans/dragonfly 4 https://github.com/Katello/katello 4 https://github.com/ruby/openssl 4 https://github.com/grpc/grpc 4 https://github.com/avo-hq/avo 4 https://github.com/carrierwaveuploader/carrierwave 4 https://github.com/fluent/fluentd 4 https://github.com/rubyzip/rubyzip 3 https://github.com/ruby-git/ruby-git 3 https://github.com/rubygems/rubygems.org 3 https://github.com/rest-client/rest-client 3 https://github.com/resque/resque 3 https://github.com/cyu/rack-cors 3 https://github.com/geminabox/geminabox 3 https://github.com/spree/spree 3 https://github.com/gollum/gollum 3 https://github.com/jtdowney/private_address_check 3 https://github.com/gjtorikian/commonmarker 3 https://github.com/lsegal/yard 3 https://github.com/twbs/bootstrap 3 https://github.com/increments/qiita-markdown 2 https://github.com/ruby/webrick 2 https://github.com/ruby/uri 2 https://github.com/ruby/rdoc 2 https://github.com/activeadmin/activeadmin 2 https://github.com/ruby-ldap/ruby-net-ldap 2 https://github.com/jnunemaker/httparty 2 https://github.com/ankane/chartkick 2 https://github.com/ankane/field_test 2 https://github.com/ankane/pghero 2 https://github.com/brianmario/yajl-ruby 2 https://github.com/CocoaPods/cocoapods-downloader 2 https://github.com/codevise/pageflow 2 https://github.com/github/cmark-gfm 2 https://github.com/emberjs/ember.js 2 https://github.com/faye/faye 2 https://github.com/mongodb/bson-ruby 2 https://github.com/protocolbuffers/protobuf 2 https://github.com/plataformatec/devise 2 https://github.com/mperham/sidekiq 2 https://github.com/nov/json-jwt 2 https://github.com/phlex-ruby/phlex 2 https://github.com/gettalong/kramdown 2 https://github.com/openid/ruby-openid 2 https://github.com/omniauth/omniauth 2 https://github.com/ohler55/ox 2 https://github.com/vmg/redcarpet 2 https://github.com/sparklemotion/mechanize 2 https://github.com/twitter/secure_headers 2 https://github.com/square/git-fastclone 2 https://github.com/tinfoil/devise-two-factor 2 https://github.com/sup-heliotrope/sup 2 https://github.com/svenfuchs/i18n 2 https://github.com/svenfuchs/safemode 2 https://github.com/thoughtbot/paperclip 2 https://github.com/sidekiq/sidekiq 2 https://gitlab.com/gitlab-org/cves 2 https://github.com/github/view_component 1 https://github.com/github/trilogy 1 https://github.com/github/hub 1 https://github.com/twbs/bootstrap-sass 1 https://github.com/kaminari/kaminari 1 https://github.com/theforeman/ldap_fluff 1 https://github.com/getsentry/raven-ruby 1 https://github.com/geokit/geokit-rails 1 https://github.com/tzinfo/tzinfo 1 https://github.com/gazay/gon 1 https://github.com/fnando/svg_optimizer 1 https://github.com/ua-parser/uap-core 1 https://github.com/flori/json 1 https://github.com/ua-parser/uap-ruby 1 https://github.com/ffi/ffi 1 https://github.com/faye/websocket-extensions-ruby 1 https://github.com/faye/faye-websocket-ruby 1 https://github.com/unpoly/unpoly-rails 1 https://github.com/ViewComponent/view_component 1 https://github.com/theforeman/foreman_fog_proxmox 1 https://github.com/exiftool-rb/exiftool_vendored.rb 1 https://github.com/excon/excon 1 https://github.com/evan/ccsv 1 https://github.com/jnunemaker/crack 1 https://github.com/jmespath/jmespath.rb 1 https://github.com/jirutka/asciidoctor-include-ext 1 https://github.com/jgarber/redcloth 1 https://github.com/jekyll/jekyll 1 https://github.com/janko/image_processing 1 https://github.com/jamesmartin/inline_svg 1 https://github.com/thoughtbot/cocaine 1 https://github.com/inukshuk/bibtex-ruby 1 https://github.com/jordansissel/ruby-arr-pm 1 https://github.com/josh/rack-ssl 1 https://github.com/imsebao/404team 1 https://github.com/thoughtbot/clearance 1 https://github.com/igrigorik/em-http-request 1 https://github.com/hopsoft/turbo_boost-commands 1 https://github.com/heartcombo/devise 1 https://github.com/thoughtbot/administrate 1 https://github.com/haml/haml 1 https://github.com/halostatue/minitar 1 https://github.com/Gurpartap/aescrypt 1 https://github.com/tigris/open-uri-cached 1 https://github.com/theforeman/smart_proxy_dynflow 1 https://github.com/GNOME/libxml2 1 https://github.com/TrestleAdmin/trestle-auth 1 https://github.com/binarylogic/authlogic 1 https://github.com/BetterErrors/better_errors 1 https://github.com/beenhero/omniauth-weibo-oauth2 1 https://github.com/bdmac/strong_password 1 https://github.com/bbatsov/rubocop 1 https://github.com/basecamp/marginalia 1 https://github.com/basecamp/easymon 1 https://github.com/aws/aws-sdk-ruby 1 https://github.com/zendesk/samlr 1 https://github.com/auth0/omniauth-auth0 1 https://github.com/asteinhauser/fat_free_crm 1 https://github.com/asciidoctor/asciidoctor 1 https://github.com/ankane/pgsync 1 https://github.com/zenspider/ruby_parser-legacy 1 https://github.com/zvory/csv-safe 1 https://github.com/ankane/clockwork_web 1 https://github.com/ankane/chartkick.js 1 https://gitlab.com/2013/11 1 https://github.com/ankane/blazer 1 https://github.com/amro/gibbon 1 https://github.com/alphagov/tech-docs-gem 1 https://github.com/alexreisner/geocoder 1 https://github.com/AlchemyCMS/alchemy_cms 1 https://github.com/airbrake/airbrake-ruby 1 https://github.com/ahorner/text-helpers 1 https://github.com/affix/CVE-2022-36231 1 https://github.com/adamzaninovich/sounder 1 https://github.com/elastic/logstash 1 https://github.com/elastic/apm-agent-ruby 1 https://github.com/ejschmitt/delayed_job_web 1 https://github.com/dspinhirne/netaddr-rb 1 https://github.com/doorkeeper-gem/doorkeeper-openid_connect 1 https://github.com/voloko/twitter-stream 1 https://github.com/dmendel/bindata 1 https://github.com/discourse/rails_multisite 1 https://github.com/discourse/message_bus 1 https://github.com/denkGroot/Spina 1 https://github.com/dejan/espeak-ruby 1 https://github.com/wconrad/ftpd 1 https://github.com/datamapper/extlib 1 https://github.com/webbynode/webbynode 1 https://github.com/ConradIrwin/em-imap 1 https://github.com/collectiveidea/audited 1 https://github.com/whiteleaf7/narou 1 https://github.com/codders/dataset 1 https://github.com/wycats/handlebars.js 1 https://github.com/chef/mixlib-archive 1 https://github.com/cgriego/active_attr 1 https://github.com/XKCP/XKCP 1 https://github.com/camilova/activerecord-update-by-case 1 https://github.com/bvsatyaram/random_password_generator 1 https://github.com/bundler/bundler 1 https://github.com/ytti/oxidized-web 1 https://github.com/sinatra/rack-protection 1 https://github.com/rf-/keynote 1 https://github.com/restforce/restforce 1 https://github.com/sisimai/rb-sisimai 1 https://github.com/resque/resque-scheduler 1 https://github.com/Smashing/smashing 1 https://github.com/redis-store/redis-store 1 https://github.com/recurly/recurly-client-ruby 1 https://github.com/rdoc/rdoc 1 https://github.com/rcook/rgpg 1 https://github.com/rapid7/metasploit-framework 1 https://github.com/rails/web-console 1 https://github.com/rails/sprockets 1 https://github.com/Snorby/snorby 1 https://github.com/socketry/protocol-http1 1 https://github.com/rails/kredis 1 https://github.com/rails/jquery-rails 1 https://github.com/rails/globalid 1 https://github.com/railsdog/spree 1 https://github.com/railsadminteam/rails_admin 1 https://github.com/rails/activeresource 1